Required Information / Description

RADIUS Authentication server

IP Address:

Specifies the IP address of the RADIUS authentication server the source context will communicate with to provide subscriber authentication functions.

Multiple addresses are needed if multiple RADIUS servers will be configured.

RADIUS authentication servers are configured within the source context. Multiple servers can be configured and each assigned a priority.

Shared Secret:

The shared secret is a string between 1 and 15 characters (alpha and/or numeric) that specifies the key that is exchanged between the RADIUS authentication server and the source context.

A shared secret is needed for each configured RADIUS server.

UDP Port Number:

Specifies the port used by the source context and the RADIUS authentication server for communications. The UDP port number can be any integer value between 1 and 65535. The default value is 1812.

L2TP Network Server

Source Context Configuration

Summary of Contents for L2TP

Page 1: ...ement Operations chapter in the System Administration Guide Important When enabled though the session license and feature use key LNS functionality is configured as context level services on the system LNS services support the termination of L2TP encapsulated tunnels from L2TP Access Concentrators LACs in accordance with RFC 2661 While establishing the L2TP session from LAC to LNS the PPP connecti...

Page 2: ...e peer LACs The source context is also be configured to provide AAA functionality for subscriber sessions The destination context facilitates the packet data network interface s and can optionally be configured with pools of IP addresses for assignment to subscriber sessions In this configuration the LNS service in the source context terminates L2TP tunnels from peer LACs and routes the subscriber...

Page 3: ...ill be configured IP address and subnet This specifies the physical port to which the interface will be bound Ports are identified by the chassis slot number where the line card resides in followed by the number of the physical connector on the line card For example port 17 1 identifies connector number 1 on the card in slot 17 A single physical port can facilitate multiple interfaces Physical por...

Page 4: ...h tunnel facilitated by the LNS service The number can be configured to any integer value from 1 to 65535 The default is 65535 Maximum number of sessions per tunnel This defines the maximum number of tunnels supported by the LNS service The number can be configured to any integer value from 1 to 32000 The default is 32000 Maximum number of tunnels IP address or network prefix and mask The IP addre...

Page 5: ...igured IP address and subnet A single physical port can facilitate multiple interfaces Physical port number This is an identification string between 1 and 79 characters alpha and or numeric by which the physical port will be recognized by the system Multiple descriptions are needed if multiple ports will be used Physical ports are configured within the source context and are used to bind logical A...

Page 6: ...assigned a priority RADIUS Authentication server Shared Secret The shared secret is a string between 1 and 15 characters alpha and or numeric that specifies the key that is exchanged between the RADIUS authentication server and the source context A shared secret is needed for each configured RADIUS server UDP Port Number Specifies the port used by the source context and the RADIUS authentication s...

Page 7: ... communications The UDP port number can be any integer value between 1 and 65535 The default value is 1813 Specifies the name by which the source context will be identified in the Access Request message s it sends to the RADIUS server The name must be between 1 and 32 alpha and or numeric characters and is case sensitive RADIUS attribute NAS Identifier Specifies the IP address of the source contex...

Page 8: ...face Multiple addresses and or subnets are needed if multiple interfaces will be configured IP address and subnet A single physical port can facilitate multiple interfaces Physical port number This is an identification string between 1 and 79 characters alpha and or numeric by which the physical port will be recognized by the system Multiple descriptions will be needed if multiple ports will be us...

Page 9: ...st from a peer LAC is received by the LNS service The tunnel is to facilitate a subscriber session 2 The LAC and LNS establish the L2TP tunnel according to the procedures defined in RFC 2661 Once the L2TP tunnel is established subscriber L2TP sessions can be established 3 The LNS service determines which context to use in providing AAA functionality for the subscriber session if authentication is ...

Page 10: ...ure additional LNS service properties refer LNS Configuration Mode Commands chapter in Command Line Interface Reference Important To configure the system to provide access control list facility to subscribers Step 1 Create the LNS service and bind it to an interface IP address by applying the example configuration in the Creating and Binding LNS Service section Step 2 Specify the authentication pa...

Page 11: ...vice Use the following example to authentication parameters for LNS service configure context dest_ctxt_name lns service lns_svc_name authentication allow noauth chap pref mschap pref pap pref msid auth end Note For more information on authentication procedure and priorities refer authentication command section in LNS Configuration Mode Commands chapter of the Command Line Interface Reference Conf...

Page 12: ...ed for the subscriber in the event that their mobile node does not negotiate CHAP PAP or MSCHAP If this option is selected no further attempts are made to authenticate the user Instead the constructed NAI is used for accounting purposes This command should only be used if the LNS service is configured to allow no authentication using the authentication allow noauth command Important Verifying the ...

Page 13: ...on Enabled Tunnel Switching Enabled Max Tunnel Challenge Length 16 PPP Authentication CHAP 1 PAP 2 Allow Noauthentication Disabled MSID Authentication Disabled No NAI Construct Domain defined No Default Subscriber defined IP Src Violation Reneg Limit 5 IP Src Violation Drop Limit 10 IP Src Violation Period 120 secs Service Status Not started Newcall Policy None L2TP Network Server 13 L2TP Network ...

Page 14: ...L2TP Network Server 14 L2TP Network Server Verifying the LNS Service Configuration ...
